Finally: Some Sane Password Advice

In every organization I have worked with, managing user authentication and passwords was a huge challenge. The key issue was that the “old” password best practices were failed attempts to fix the user, not the system.

For passwords to be difficult to crack, they should be both long and complex. Since people have a very hard time remembering long passwords, we have accommodated shorter passwords by adding rules to ensure a minimum level of complexity. Unfortunately, this makes the resulting password challenging for a person to remember.

Length is actually more relevant to cracking difficulty than complexity. For short passwords an attacker can literally try every possibility, so complexity does not even matter. It is much better to have longer passwords (with less enforced complexity), i.e. a “pass phrase”. For example, “ilovewatchingthesopranos” is much more secure than “Xc$1>”.

1791: We Did Not See This Coming

The Second Amendment was passed fifteen years after the American Revolution, in 1791, as part of the Bill of Rights. This was just three years after the Constitution was ratified in 1788. The complete Second Amendment of the United States Constitution reads:

A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

James Madison originally proposed the Second Amendment as a way to provide more power to state militias. It begins with the concept that states must have a strong militia to ensure their security: “A well regulated Militia, being necessary to the security of a free State…”. The Second Amendment concludes with the notion that people must have the right to bear arms as an extension of the state militia concept (e.g. “the people” who can be called upon for military service during a time of need).

How to Kill 11 Million People?

This blog was meant for technology topics, not politics. However, I watched what happened in Charlottesville, VA on 8/12/2017. I actually saw people saluting and carrying Nazi flags. I was shocked and worried that our president didn’t immediately denounce racial hatred and bigotry. We cannot condone or allow racism, and we cannot allow our leaders to support it - especially if those leaders also lie to us. Citizens must demand truth, honesty and integrity from each other and our leaders, or suffer the consequences of our own ignorance and apathy.

One particular aspect of the Holocaust remains puzzling. How do you actually go about killing eleven million people? Why, for month after month and year after year, did millions of intelligent human beings—guarded by a relatively few Nazi soldiers—willingly load their families into tens of thousands of cattle cars to be transported by rail to one of the many death camps scattered across Europe?

The answer is simple – you lie to them.

Internet != Smarter People

I thought the Internet would make ignorant people smarter and more informed, via better access to information. Instead the opposite happened. Ignorant people just polluted the Internet with false information.

The Inside-Out Corporation

Using my personal laptop from any coffee shop, I can:

  • Access my bank account(s)
  • Access my retirement and brokerage accounts
  • Use my credit card to buy things
  • Review my medical test results
  • Send love notes to my wife

These are the most sensitive and private things I can imagine, and I can do these things securely from any untrusted network anywhere in the world.

So why do corporate networks still exist?

Most companies still have a separate corporate network, protected by firewalls, intrusion prevention/detection, dedicated administrators, VPNs, etc. Why is it that I can access information which is the most important, private, and precious to me, from any computer, via any network, without all that extra cost, complexity, overhead, and effort?
